1. Field of the Disclosure
The present disclosure relates to a method and apparatus for detecting an application using packet inspection in a communication system.
2. Description of the Related Art
In order for 3rd Generation Partnership Project (3GPP) systems to properly allocate resources such as frequency bandwidth, to a plurality of communication terminals in a wireless communication system, such as a Long Term Evolution (LTE) system, a packet inspection device may perform Deep Packet Inspection (DPI). In other words, the packet inspection device may identify the resource usage of each communication terminal in real time, and authenticate the reasonability thereof. Further, the packet inspection device may determine whether to allocate resources to each communication terminal, and determine the amount of resources allocated. In this way, it is possible to operate the resources more efficiently in the wireless communication system.
DPI may inspect up to Layer 7 (L7) data of a user packet. Using DPI, it is possible to detect a protocol or an application (or an application service), or to extract metadata information included in an upper layer.
The identification information obtained through DPI and the data extracted through DPI may be used for purposes of determination of the operator's accounting policy, provision of Quality of Service (QoS) regarding the type of an application, and detection of the occurrence of a network failure and load distribution due to fraudulent use.
A method for detecting an application using packet inspection may include a tuple information matching method, a method for matching a common data pattern in a payload, and a method for matching behavior analysis data of an application. The tuple information matching method is a method for identifying an application by comparing the tuple information that is used in common by an application or protocol desired to be identified. The common data pattern matching method is a method for detecting an application by registering in a database a common pattern included in an application to be detected, and comparing the common pattern registered in the database with a pattern in a payload of a packet to be inspected. The behavior analysis data matching method is a method of making use of statistical information of a packet such as bits/sec (bps), packets/sec (pps), or using a learning-based pattern matching approach such as a neural network and machine learning.
Recently, network operators have enhanced the function of the DPI for the reduction of Operation Expenditure (OPEX) through the deployment of an intelligent network. On the other hand, content providers providing a Voice over Internet Protocol (VoIP) or a video streaming service may avoid service restrictions by making application detection by a network operator impossible, may make it difficult to find a common pattern using data encryption or proprietary protocol to enhance the security of user data, or may make it difficult to distinguish between applications by using a standard protocol such as Real-time Transport Protocol (RTP) and Session Initiation Protocol (SIP). Therefore, it is difficult for network operators to provide customized plans specialized for Social Networking Service (SNS), a mail service and the like.